Booting an EC2 instance from iSCSI target

Amazon EC2 provides several predefined AMIs that can be used to launch an instance. However, there is also a way to boot an instance on EC2 from OS images apart from the regular available AMIs.

This articles focuses on an .raw Linux image that is exposed as an iSCSI LUN within the AWS VPC.

Follow the below steps :

[1] Launch an Linux Ubuntu EC2 instance from the existing AMIs.

[2] Install iSCSI target and copy your custom Linux OS image on it and expose it as an iSCSI LUN

[3] Download iPXE source code :

git clone git://

[4] Edit the file src/config/console.h   and uncomment the lines :

#define CONSOLE_SERIAL          /* Serial port console */
#define CONSOLE_SYSLOG          /* Syslog console */
#define CONSOLE_SYSLOGS         /* Encrypted syslog console */
#define CONSOLE_INT13           /* INT13 disk log console */
Change the following line :
 #define LOG_LEVEL       LOG_ALL
[5] Write a script as follows in a new file and name is something like : myscript.ipxe
sanboot iscsi:<Server IP>::3260:1:<IQN>:<name>
[5] Compile the code as follows :
make bin/ipxe.usb EMBED=myscript.ipxe
[6] Create a fresh 1 GB EBS volume.
[7] Attach this volume to the above instance.
[6] Do a block copy of ipxe.usb file to the volume as follows:
# lsblk    -> will show you the volume path
# file -s /dev/xxx  -> will output  “:data”   which means that volume is empty
# dd if=ipxe.usb  of=/dev/xxx
[7] Detach the volume.
[8] Take a snapshot of the volume.
[9] Create an image from the volume (AMI)
You now have a fully functional AMI that is capable of booting from the image located over a remote iSCSI server.
Note : Compiling the iPXE binary everytime there’s a change in the iSCSI parameters is cumbersome. There is an easy to specify the the ipxe embedded script from the “user-data” bootstrap script functionality provided by AWS.

EC2 allows each instance to have associated arbitrary “user-data”. This is always made available via regardless of the IP address assigned to the instance.

You can therefore create an embedded script which does:



chain -ar

This embedded script will then run the instance’s assigned “user-data”, so you can direct the boot process by simply changing the user data (which is a quick and easy operation)

The AWS “system-log” i.e. console log doesn’t show anything until the instance is completely booted up. Hence, in case of problems, it is difficult to figure out what is wrong.  One way is to redirect the console output of the instance to other EC@ instance using iPXEs  syslog capability. This is the fastest way to see the realtime console output of the instance.
If neither syslog nor serial output is available, then as a last resort CONSOLE_INT13 will be logging to a magic partition on the instance’s boot disk which you can view by detaching the instance’s boot disk (mislabelled as “/dev/sda1”), attaching it to another Linux instance, and then using e.g. “less -f -R /dev/sdb3” to view the output stored in the magic partition.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s